THREAT LEVEL - CRITICAL

13-06-2024

New Critical Microsoft Outlook Zero-Click RCE Flaw Executes when Email is Opened

Threat Level Description

IthacaLabs maintains its overall Threat Level at High and has added this observation at level Critical: an attack is expected imminently, and maximum protective security measures are required to meet the specific threat and minimise the associated risk. The Critical level may also be used when a terrorist attack is expected that seeks to destroy, incapacitate, or exploit critical infrastructure in order to threaten national security, cause mass casualties, weaken the economy, or damage public morale and confidence.

Description

A critical remote code execution (RCE) vulnerability in Microsoft Outlook, tracked as CVE-2024-30103 (CVSS 8.8), was disclosed and patched by Microsoft on 11 June 2024.

A remote, unauthenticated attacker can exploit it simply by sending a specially crafted email to the victim. Successful exploitation runs arbitrary code with the privileges of the user running Outlook, which can lead to full compromise of the workstation, data theft, or further propagation of malware within the network.

The flaw lies in the way Microsoft Outlook processes certain components of an incoming message. The message itself is the trigger: no attachment has to be launched and no link has to be clicked.

CVE-2024-30103 is particularly alarming because the interaction required from the victim is minimal and Microsoft assesses exploitation as more likely. Unlike traditional phishing, which depends on the user clicking a link or opening an attachment, this flaw fires when the crafted message is rendered by Outlook: opening the email is enough, and Microsoft lists the Preview Pane as an attack vector, so merely selecting the message in the mailbox can be sufficient. This is why the flaw is described as zero-click.

For the same reason the vulnerability is notably dangerous for mailboxes configured to open or preview messages automatically, where the exploit can fire without the user deliberately opening anything.

Given the widespread use of Microsoft Outlook in corporate and personal environments, the potential impact of CVE-2024-30103 is vast. Organizations are particularly at risk, as a successful exploit could lead to significant data breaches, financial loss, and reputational damage.

CVE(s)

CVE-2024-30103

Affected Systems

Microsoft Outlook desktop clients for Windows. Consult Microsoft's advisory for CVE-2024-30103 for the exact list of affected Office and Microsoft 365 builds.

Recommendation(s)

You should immediately apply the June 2024 security updates for Microsoft Outlook and Office provided by Microsoft. Because the crafted message itself is the trigger and the Preview Pane is an attack vector, user caution alone does not protect against this flaw; patching is the only complete fix, and the measures below are defence in depth.
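The following PowerShell script is an added example, not code from IthacaLabs or Microsoft, for verifying the patching recommendation across a Windows fleet. It reads the installed Outlook build from the registered OUTLOOK.EXE (falling back to the Click-to-Run configuration key) and compares it with a minimum patched build that the administrator supplies on the command line. The minimum build is deliberately not hard-coded here: take it from Microsoft's advisory for CVE-2024-30103 for your Office channel. The function and parameter names are the example's own.

```powershell
<#
  Check-OutlookBuild.ps1 (added example, not from the IthacaLabs alert)

  Usage:  .\Check-OutlookBuild.ps1 -MinimumPatchedBuild 16.0.xxxxx.xxxxx
  The value is the build Microsoft lists as fixed for CVE-2024-30103 in your
  Office channel; this script assumes you look it up, it does not embed it.
  Exit code 1 means Outlook is installed but below the minimum build.
#>
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumPatchedBuild
)

function Get-OutlookExePath {
    # Office registers outlook.exe under App Paths; the key's default value is the full path.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE'
    if (Test-Path $key) {
        $path = (Get-ItemProperty -Path $key).'(default)'
        if ($path -and (Test-Path $path)) { return $path }
    }
    return $null
}

function Get-OutlookBuild {
    # Primary source: the file version stamped on outlook.exe itself.
    $exe = Get-OutlookExePath
    if ($exe) {
        $fv = (Get-Item $exe).VersionInfo.FileVersion
        if ($fv) { return [pscustomobject]@{ Build = [version]$fv; Source = $exe } }
    }
    # Fallback: Click-to-Run installs record the reported Office version here.
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        $v = (Get-ItemProperty -Path $c2r).VersionToReport
        if ($v) { return [pscustomobject]@{ Build = [version]$v; Source = "$c2r\VersionToReport" } }
    }
    return $null
}

function Test-OutlookPatched {
    param([Parameter(Mandatory = $true)][version]$Minimum)
    $info = Get-OutlookBuild
    if (-not $info) {
        return [pscustomobject]@{ Installed = $false; Build = $null; Source = $null; Patched = $null }
    }
    [pscustomobject]@{
        Installed = $true
        Build     = $info.Build
        Source    = $info.Source
        Patched   = ($info.Build -ge $Minimum)   # [version] compares all four fields numerically
    }
}

$result = Test-OutlookPatched -Minimum $MinimumPatchedBuild
$result | Format-List
if ($result.Installed -and -not $result.Patched) { exit 1 }
```

Run it with an account that can read HKLM (any interactive user can) and feed the exit code to your fleet tooling so unpatched hosts surface as failures rather than as lines in a report. Comparing as [version] rather than as a string avoids the classic mistake where "16.0.9999" sorts above "16.0.17000".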

Furthermore, robust email filtering and monitoring at the mail gateway can help detect and block malicious messages before they reach end-users' mailboxes, and endpoint telemetry should be reviewed for unexpected child processes of OUTLOOK.EXE, a common indicator of exploitation of mail-client flaws in general.

Security updates must be applied promptly, whatever the size of your organization. Maintain an effective patch management process, keep security event logging enabled on endpoints and mail infrastructure, and monitor those events actively. Protecting your business assets and meeting the relevant industry regulations requires a comprehensive approach to risk management, including penetration testing at least annually and after significant changes.

The guidelines below will help you protect against e-Fraud and its associated security threats:

  • Do not open e-mail from unknown sources. Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious email or click on any hyperlink embedded in a suspicious email. Call the purported source if you are unsure who sent an email.
  • If an email claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • It is strongly recommended to implement a Security Awareness program, addressed to all your management and staff, designed to increase the level of understanding regarding Social Engineering and security threats in general.
